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WHAT IS CLAIMED IS: 

1. An access authentication system for providing 
a client with a service of connection to a second 
terminal server via a first terminal server, 

5 characterized by comprising: 

a first authentication server for determining 
P% whether or not the client should be connected to the 

first terminal server, on the basis of personal 
1^ information input by the client to the first terminal 

10 server, the first authentication server creating first 

ticket data by encoding a client parameter, which 
P includes part of the personal information, on the basis 

H of a predetermined formula, and transferring the first 

ffl 

D ticket data to the second terminal server; and 

15 a second authentication server for detecting 

whether or not the client parameter is valid and 
whether or not the first ticket data has been used, 
creating second ticket data by encoding the client 
parameter on the basis of a predetermined formula, 
2 0 comparing the first and second ticket data, and 

supplying the second terminal server with data 
indicative of whether or not the second terminal server 
should be connected to the client. 

2. The access authentication system according to 
25 claim 1, characterized in that the predetermined 

formula is suiranarization using a one-way function. 

3 . The access authentication system according to 
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claim 1, characterized in that the client parameter 
includes at least one of ID information of the client, 
an access-originator IP address and an expiration date 
set for the first ticket data. 
5 4 . The access authentication system according to 

claim 1, characterized in that the first and second 
authentication servers include a predetermined common 
character string in the first and second ticket data, 
respectively. 

10 5. The access authentication system according to 

claim 4, characterized in that the common character 
string is changed at a predetermined point in time. 

6. An access authentication system for providing 
a client with a service of connection to a second 

15 terminal server via a first terminal server, 

characterized by comprising: 

a first authentication server for determining 
whether or not the client should be connected to the 
first terminal server, on the basis of ID information 

20 and a password input by the client to the first 

terminal server, the first authentication server 
creating first ticket data by encoding client 
parameters, which include the ID information, an 
access-originator IP address of the client, a 

25 predetermined expiration date and a common character 

string, on the basis of a predetermined formula, and 
transferring the first ticket data to the second 



terminal server; and 

a second authentication server for comparing an 
access-originator IP address input by the client to the 
second terminal server with the access-originator IP 
address of the client included in the client parameter, 
thereby determining whether or not access by the client 
has been executed on or before the expiration date, 
determining whether or not the first ticket data has 
been used, creating second ticket data by encoding the 
client parameters on the basis of a predetermined 
formula, comparing the first and second ticket data, 
and supplying the second terminal server with data 
indicative of whether or not the second terminal server 
should be connected to the client. 

7. An access authentication system for providing 
a client with a service of connection to a second 
terminal server via a first terminal server, 
characterized by comprising: 

first personal information acquiring means for 
acquiring personal information input by the client to 
the first terminal server; 

first authentication means for determining whether 
or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 
first ticket data by encoding a client parameter, which 
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includes part of the personal information, on the basis 
of a predetermined formula; 

transfer means for transferring data to the second 
terminal server; 
5 second personal information acquiring means for 

acquiring personal information input by the client to 
the second terminal server; and 

second authentication means for creating second 
ticket data by encoding the client parameter, which 
10 contains the part of the personal information, on the 

basis of a predetermined formula, comparing the first 
and second ticket data, and supplying the second 
terminal server with data indicative of whether or not 
the second terminal server should be connected to the 
15 client. 

8. The access authentication system according to 
claim 7, characterized in that the predetermined 
formula is summarization using a one-way function. 

9. The access authentication system according to 
2 0 claim 7, characterized in that the first and second 

ticket creating means include a predetermined common 
character string in the first and second ticket data, 
respectively. 

10. The access authentication system according to 
25 claim 7, characterized in that the second 

authentication means judges validity of the first 
ticket data. 
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11. The access authentication system according to 
claim 1 , characterized in that the second 
authentication means judges legality of the client 
parameter. 

5 12. An access authentication system for providing 

a client with a service of connection via a first 
terminal server, characterized by comprising: 

first personal information acquiring means for 
acquiring personal information from the client; 

10 first authentication means for determining whether 

or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 

15 first ticket data by encoding a client parameter, which 

includes at least part of the personal information, on 
the basis of a predetermined formula if the first 
authentication means determines that the client should 
be connected to the first terminal server; and 

20 transfer means for transferring the first ticket 

data. 

13. An access authentication system for providing 
a client with a service of connection to a second 
terminal server, characterized by comprising: 
25 first ticket data acquiring means for acquiring 

first ticket data created by encoding a client 
parameter, which includes part of personal information 



of the client, on the basis of a predetermined formula; 

second personal information acquiring means for 
acquiring personal information from the client; 

second ticket creating means for creating second 
ticket data by encoding a client parameter, which 
includes part of personal information acquired by the 
second personal information acquiring means, on the 
basis of a predetermined formula; and 

judging means for comparing the first and second 
ticket data, and judging whether or not the client 
should be connected to the second terminal server. 

14. A computer-readable storage medium that stores 
a program for operating a computer, the program being 
characterized by comprising: 

first personal information acquiring means for 
acquiring personal information from a client in a first 
terminal server; 

first authentication means for determining whether 
or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 
first ticket data by encoding a client parameter, which 
includes at least part of the personal information, on 
the basis of a predetermined formula if the first 
authentication means determines that the client should 
be connected to the first terminal server; 



transfer means for transferring the first ticket 
data to a second terminal server; 

first ticket data acquiring means for acquiring 
the first ticket data in the second terminal server; 

second personal information acquiring means for 
acquiring personal information from the client in the 
second terminal server; 

second ticket creating means for creating second 
ticket data by encoding a client parameter, which 
includes part of personal information, on the basis of 
the predetermined formula; and 

second authentication means for comparing the 
first and second ticket data, thereby determining 
whether or not the client should be connected to the 
second terminal server. 

15. A computer-readable storage medium that stores 
a program for operating a computer, the program being 
characterized by comprising: 

first personal information acquiring means for 
acquiring personal information from the client in a 
first terminal server; 

first authentication means for determining whether 
or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 
first ticket data by encoding a client parameter, which 
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includes at least part of the personal information, on 
the basis of a predetermined formula if the first 
authentication means determines that the client should 
be connected to the first terminal server; and 
5 transfer means for transferring the first ticket 

data. 

16. A computer-readable storage medium that stores 
a program for operating a computer, the program being 
characterized by comprising: 

10 first ticket data acquiring means for acquiring 

first ticket data created by encoding a client 
parameter, which includes part of personal information 
of the client, on the basis of a predetermined formula 
in a second terminal server; 

15 second personal information acquiring means for 

acquiring personal information from the client in the 
second terminal server; 

second ticket creating means for creating second 
ticket data by encoding a client parameter, which 

2 0 includes part of the personal information, on the basis 

of the predetermined formula; and 

second authentication means for comparing the 
first and second ticket data, thereby determining 
whether or not the client should be connected to the 

25 second terminal server. 

17. A program for operating a computer, 
comprising: 



first personal information acquiring means for 
acquiring personal information from a client in a first 
terminal server; 

first authentication means for determining whether 
or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 
first ticket data by encoding a client parameter, which 
includes at least part of the personal information, on 
the basis of a predetermined formula if the first 
authentication means determines that the client should 
be connected to the first terminal server; 

transfer means for transferring the first ticket 
data to a second terminal server; 

first ticket data acquiring means for acquiring 
the first ticket data in the second terminal server; 

second personal information acquiring means for 
acquiring personal information from the client in the 
second terminal server; 

second ticket creating means for creating second 
ticket data by encoding a client parameter, which 
includes part of personal information, on the basis of 
the predetermined formula; and 

second authentication means for comparing the 
first and second ticket data, thereby determining 
whether or not the client should be connected to 



the second terminal server. 

18. A program for operating a computer, 
comprising: 

first personal information acquiring means for 
acquiring personal information from the client in 
a first terminal server; 

first authentication means for determining whether 
or not the client should be connected to the first 
terminal server, on the basis of the personal 
information; 

first ticket data creating means for creating 
first ticket data by encoding a client parameter, which 
includes at least part of the personal information, on 
the basis of a predetermined formula if the first 
authentication means determines that the client should 
be connected to the first terminal server; and 

transfer means for transferring the first ticket 

data. 

19. A program for operating a computer, 
comprising: 

first ticket data acquiring means for acquiring 
first ticket data created by encoding a client 
parameter, which includes part of personal information 
of the client, on the basis of a predetermined formula 
in a second terminal server; 

second personal information acquiring means for 
acquiring personal information from the client in 



the second terminal server; 

second ticket creating means for creating second 
ticket data by encoding a client parameter, which 
includes part of the personal information, on the basis 
of the predetermined formula; and 

second authentication means for comparing the 
first and second ticket data, thereby determining 
whether or not the client should be connected to the 
second terminal server. 

20. An access authentication method for providing 
a client with a service of connection to a second 
terminal server via a first terminal server, 
characterized by comprising: 

a first authentication step of determining whether 
or not the client should be connected to the first 
terminal server; 

a first ticket data creating step of creating 
first ticket data by encoding a client parameter, which 
includes at least part of personal information input by 
the client, on the basis of a predetermined formula; 

a data transfer step of transferring the client 
parameter and the first ticket data to the second 
terminal server; 

a detection step of detecting whether or not the 
client parameter in the first terminal server is valid, 
and whether or not the first ticket data has been used; 

a second ticket data creating step of creating a 



second ticket data by encoding the client parameter on 
the basis of a predetermined formula; 

a ticket data comparison step of comparing the 
second ticket data with the first ticket data; and 

a second authentication step of determining 
whether or not the client should be connected to the 
second terminal server, on the basis of results 
obtained at the determination step and the comparison 
step. 



